Credentials & secrets
The things that turn a leaked prompt into an incident.
- API keys & access tokens
- .env values and connection strings
- Private keys & Authorization headers
- OAuth and session tokens
sk-…AKIA…ghp_…xoxb-…-----BEGIN KEY-----
local privacy proxy · for any AI, including agents
One local control point for every prompt that leaves — interactive or autonomous.
scrubadubber runs a local proxy in front of anything that calls an LLM. Every outbound request passes through first — whether you typed it or an agent sent it — so credentials, PII, and proprietary code are scrubbed before they leave. Your workflow doesn't change.
Works with Claude Code, Aider, and more.
Windows v0.1.6 — validated end-to-end macOS build in validation
# your tool runs exactly as before
$ aider --model claude
↓ intercepted by scrubadubber
POST api.anthropic.com/v1/messages
authorization: bearer scrubbed · api-key
"wire up billing in scrubbed · src/billing/charge.ts"
scrubbed · 38 lines proprietary code
↑ forwarded clean — secrets stayed home How it works
Three steps. Zero workflow changes.
scrubadubber sits between your tool and the model. You keep typing the same commands — it quietly cleans what goes out.
- 01
Intercept
scrubadubber runs as a proxy on localhost. Your tool points at it instead of the API, so every outbound request passes through first — nothing is sent directly.
- 02
Scrub
Each request is scanned for credentials, tokens, .env values, PII, and code you mark proprietary. Matches are swapped for realistic stand-ins — coherent fakes, not blacked-out redactions — before anything leaves your machine.
- 03
Forward
The cleaned request goes to the real upstream API — Anthropic, OpenAI, and others. When the response returns, your real values are restored locally, so what you see is exactly right. Added latency is negligible.
Coherent fakes, not redaction. The same real value always becomes the same realistic stand-in — a believable key, name, or path — so the model reasons about your request correctly instead of choking on blacked-out holes. Real values are restored locally before the response reaches you.
The re-identification key lives in a local file and never leaves the device — no vendor in the loop, nothing of yours for anyone to process.
What gets protected
Built to catch what you can't afford to leak.
scrubadubber recognizes well-known secret formats out of the box, plus the patterns and paths you mark sensitive.
Personal data (PII)
Customer and personal details that shouldn’t train anyone’s model.
- Emails, phone numbers, addresses
- Names tied to records
- Customer data pasted into prompts
- Common ID and card-number formats
name@co.com+1 555…SSN4111 1111 … Proprietary code & IP
The source and structure that make your product yours.
- Files & paths you mark proprietary
- Internal hostnames & service names
- Unreleased source in your prompts
- Business logic in comments
src/billing/…internal.host// pricing rules Catches what autonomous tools send — not just what you type.
An agent ingesting a document, a coding agent dumping a .env
into context, an MCP call reaching out on its own — these requests never
touch a browser, so browser-era tools can't see them. scrubadubber sits at
the egress point on your machine, so it does.
A strong safety net — not a magic guarantee. scrubadubber catches known patterns and your configured rules; review what you mark sensitive, and keep secrets out of prompts where you can.
Install
Install in one line.
One command, a silent install — no prompts. Runs locally; your existing tools and commands don't change.
Windows · PowerShell
irm https://scrubadubber.com/install.ps1 | iex Silent, unattended install — validated end-to-end on Windows (v0.1.6).
macOS · sh
curl -fsSL https://scrubadubber.com/install.sh | sh The macOS build is in tester validation — watch the repo for the validated release.
Prefer a direct download?
Open source
Don't trust us. Read the code.
A privacy tool you can't inspect is just a different black box. The bridges and installer are open. The engine ships as public, checksummed binaries — so you can verify exactly what runs on your machine.
The bridge Fully open source
bridge-claude-code
The per-tool integration that points Claude Code (and other CLIs) at scrubadubber. Small, readable, and the same install script you pipe to your shell.
View on GitHub The tray app Installer + releases
scrubadubber
The one-click installer and tray manager for Windows and macOS, plus every release. Open an issue, read the source, file a PR.
View on GitHub The Hub engine Signed binaries + checksums
scrubadubber-hub-releases
The local proxy engine ships as public, checksummed binaries here. The engine source stays private — but every artifact you run is published with a SHA256 you can verify.
View on GitHubOn macOS? The build is in tester validation — watch the repo to be first to the validated release.